<?php
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
	if (!isset($_POST['username']) || !isset($_POST['password'])) {
		header( "Location: ../xml/login.xml" );
	}

	//check that the form fields are not empty, and redirect back to the login page if they are
	elseif (empty($_POST['username']) || empty($_POST['password'])) {
		header( "Location: ../xml/login.xml" );
	}
	
	else{

	//convert the field values to simple variables
	//add slashes to the username and md5() the password
	$user = $_POST['username'];
	$pass = md5($_POST['password']);

	//set the database connection variables
	
	$dbHost = "localhost";
	$dbUser = "yinch838";
	$dbPass = "yinch838-09";
	$dbDatabase = "yinch838";

	//connect to the database
	$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
	mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");
	$result=mysql_query("select * from login where login='$user' AND password='$pass'", $db);

	//check that at least one row was returned
	$rowCheck = mysql_num_rows($result);
	if($rowCheck > 0){
		while($row = mysql_fetch_array($result)){
			session_start();
			$_SESSION['username'] = $user;
			header( "Location: check_login.php" );
		}
	}
	else {
		//if nothing is returned by the query, unsuccessful login code goes here...
		header( "Location: check_login.php" );
	}
}
?>